summaryrefslogtreecommitdiff
path: root/tests/auth_tests
diff options
context:
space:
mode:
authorVincenzo Pandolfo <pandolfovince@gmail.com>2016-03-14 20:21:05 +0000
committerTim Graham <timograham@gmail.com>2016-03-14 20:24:19 -0400
commitc6424efbc6114eeefe7ec7545de7e127ed189e92 (patch)
tree40fbd706c200913814c4be6837940dffeef23da6 /tests/auth_tests
parentb50e4ffe7eb9d8797d38f28ae3f51fb443056214 (diff)
[1.9.x] Fixed #26334 -- Removed whitespace stripping from contrib.auth password fields.
Backport of d0fe6c915665fa3220e84bd691ba7002a357e5c5 from master
Diffstat (limited to 'tests/auth_tests')
-rw-r--r--tests/auth_tests/test_forms.py56
1 files changed, 56 insertions, 0 deletions
diff --git a/tests/auth_tests/test_forms.py b/tests/auth_tests/test_forms.py
index 918fe3801a..e902cdd339 100644
--- a/tests/auth_tests/test_forms.py
+++ b/tests/auth_tests/test_forms.py
@@ -169,6 +169,17 @@ class UserCreationFormTest(TestDataMixin, TestCase):
form = CustomUserCreationForm(data)
self.assertTrue(form.is_valid())
+ def test_password_whitespace_not_stripped(self):
+ data = {
+ 'username': 'testuser',
+ 'password1': ' testpassword ',
+ 'password2': ' testpassword ',
+ }
+ form = UserCreationForm(data)
+ self.assertTrue(form.is_valid())
+ self.assertEqual(form.cleaned_data['password1'], data['password1'])
+ self.assertEqual(form.cleaned_data['password2'], data['password2'])
+
@override_settings(USE_TZ=False, PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'])
class AuthenticationFormTest(TestDataMixin, TestCase):
@@ -279,6 +290,15 @@ class AuthenticationFormTest(TestDataMixin, TestCase):
form = CustomAuthenticationForm()
self.assertEqual(form.fields['username'].label, "")
+ def test_password_whitespace_not_stripped(self):
+ data = {
+ 'username': 'testuser',
+ 'password': ' pass ',
+ }
+ form = AuthenticationForm(None, data)
+ form.is_valid() # Not necessary to have valid credentails for the test.
+ self.assertEqual(form.cleaned_data['password'], data['password'])
+
@override_settings(USE_TZ=False, PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'])
class SetPasswordFormTest(TestDataMixin, TestCase):
@@ -330,6 +350,17 @@ class SetPasswordFormTest(TestDataMixin, TestCase):
form["new_password2"].errors
)
+ def test_password_whitespace_not_stripped(self):
+ user = User.objects.get(username='testclient')
+ data = {
+ 'new_password1': ' password ',
+ 'new_password2': ' password ',
+ }
+ form = SetPasswordForm(user, data)
+ self.assertTrue(form.is_valid())
+ self.assertEqual(form.cleaned_data['new_password1'], data['new_password1'])
+ self.assertEqual(form.cleaned_data['new_password2'], data['new_password2'])
+
@override_settings(USE_TZ=False, PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'])
class PasswordChangeFormTest(TestDataMixin, TestCase):
@@ -381,6 +412,20 @@ class PasswordChangeFormTest(TestDataMixin, TestCase):
self.assertEqual(list(PasswordChangeForm(user, {}).fields),
['old_password', 'new_password1', 'new_password2'])
+ def test_password_whitespace_not_stripped(self):
+ user = User.objects.get(username='testclient')
+ user.set_password(' oldpassword ')
+ data = {
+ 'old_password': ' oldpassword ',
+ 'new_password1': ' pass ',
+ 'new_password2': ' pass ',
+ }
+ form = PasswordChangeForm(user, data)
+ self.assertTrue(form.is_valid())
+ self.assertEqual(form.cleaned_data['old_password'], data['old_password'])
+ self.assertEqual(form.cleaned_data['new_password1'], data['new_password1'])
+ self.assertEqual(form.cleaned_data['new_password2'], data['new_password2'])
+
@override_settings(USE_TZ=False, PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'])
class UserChangeFormTest(TestDataMixin, TestCase):
@@ -673,3 +718,14 @@ class AdminPasswordChangeFormTest(TestDataMixin, TestCase):
self.assertEqual(password_changed.call_count, 0)
form.save()
self.assertEqual(password_changed.call_count, 1)
+
+ def test_password_whitespace_not_stripped(self):
+ user = User.objects.get(username='testclient')
+ data = {
+ 'password1': ' pass ',
+ 'password2': ' pass ',
+ }
+ form = AdminPasswordChangeForm(user, data)
+ self.assertTrue(form.is_valid())
+ self.assertEqual(form.cleaned_data['password1'], data['password1'])
+ self.assertEqual(form.cleaned_data['password2'], data['password2'])